Open Source and information security mailing list archives
 
Date: Wed Mar  1 07:55:16 2006
From: tastytastybeef at googlemail.com (Gary Leons)
Subject: reduction of brute force login attempts via SSH through iptables --hashlimit

On 2/28/06, Josh Berry <josh.berry@...schematics.com> wrote:
>
> I guess it makes you feel bigger and better to be an @sshole on a public
> mailing list but I don't think that anyone is impressed with the fact that
> you aren't offering any better ideas; just name-calling and showing a low
> maturity level.
>

I'm not trying to impress you, I'm trying to make sure anyone who uses
this script is aware of the security implications of doing so. This
list is called FULL-DISCLOSURE, which is exactly what I'm doing.

>
> I could be wrong, but doesn't last/lastb show users that have logged
> in/out.  Therefore it wouldn't necessarily catch brute-forcers (unless
> they were actually successful)?

Yes, you could be wrong. How long would it have taken to type man lastb
and check? It lists failed login attempts, which is exactly what you
want.


> This guy was just trying to be helpful and demonstrate a way of blocking
> (or attempting to block) brute-forcers.  You aren't providing any value,
> just being a d!ck.

Are you on the correct mailing list? This list is for the disclosure
of security vulnerabilities. I think adding arbitrary firewall rules
to someone else's machine is a security issue worthy of disclosure by
anyone's standards.
